
Re: OpenLDAP as an address book for MS Outlook

2012/11/30 Victor Sudakov <vas@mpeks.tomsk.su>:
> Howard Chu wrote:
>> > Victor Sudakov wrote:
>> >>
>> >> I have been trying to investigate what is needed in OpenLDAP to have
>> >> Microsoft Outlook 2007 display a list of names in the addressbook when
>> >> first accessed in the same way that it does with ActiveDirectory/Exchange.
>> >
>> > Here is a dump of an LDAP session between Microsoft Outlook and a
>> > CommunigatePro server: http://zalil.ru/34017194 where a list of names
>> > is being displayed.
>> >
>> > Could someone with sufficient LDAP knowledge look at it and advise how to
>> > configure OpenLDAP to achieve the same result?
>> Your trace shows two supportedControls and two supportedCapabilities. The
>> controls are for server-side sorting and paged results. OpenLDAP supports
>> paged results intrinsically, and server-side sorting when the sssvlv overlay
>> is configured. If those aren't sufficient to make Outlook behave, then things
>> get trickier.
> Howard,
> I have enabled the sssvlv overlay and now I have them in the server:
> [vas@gw ~] ldapsearch -h localhost -b '' -s base + | egrep '1.2.840.113556.1.4.800|1.2.840.113556.1.4.1791|1.2.840.113556.1.4.319|1.2.840.113556.1.4.473'
> supportedControl: 1.2.840.113556.1.4.473
> supportedControl: 1.2.840.113556.1.4.319
> [vas@gw ~]
> However, Outlook still does not show the list of addresses. So I think the
> next step is necessary.
>> supportedCapabilities is not a standard attribute, it appears to be specific
>> to M$AD. The two supportedCapabilities in your trace are:
>> 1.2.840.113556.1.4.800        LDAP_CAP_ACTIVE_DIRECTORY_OID
>> 1.2.840.113556.1.4.1791       LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID
>> If your sssvlv is configured correctly, and Outlook sees both Server Side
>> Sorting and Paged Results in the supportedControls that OpenLDAP returns, but
>> it still doesn't do what you want, then apparently Outlook requires the server
>> to claim to be Active Directory.
> It seems to be so. I did not explicitly configure any sssvlv-* options,
> however; I just enabled the overlay in slapd.conf.
>> You could fake this, by copying the schema definition of the
>> supportedCapabilities attribute and loading it into slapd. You would also need
>> to populate the values. You can use the "rootdse" directive to do that. I
>> would guess you only need the first capability, but I don't use Outlook so
>> have no way to verify this.
> Could you please be more specific how I can load the attribute into slapd
> and populate it? Please refer me to an example.
> Thank you very much in advance.


The problem can be that Outlook uses SSSVLV controls on attributes
without ordering rules in OpenLDAP. Unfortunately, the 'name'
attribute has no ordering rules, so you can't sort results on name
(this includes the cn, sn, gn attributes, because they inherit from
name). We do not have this limitation on AD (but it breaks LDAP